CloudHost/zonemaster.es
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
zonemaster.es/zonemaster/docs/public/specifications/tests/Nameserver-TP/nameserver02.md

129 lines
5.0 KiB
Markdown
Raw Permalink Normal View History

feat: add full Zonemaster stack with Docker and Spanish UI - Clone all 5 Zonemaster component repos (LDNS, Engine, CLI, Backend, GUI) - Dockerfile.backend: 8-stage multi-stage build LDNS→Engine→CLI→Backend - Dockerfile.gui: Astro static build served via nginx - docker-compose.yml: backend (internal) + frontend (port 5353) - nginx.conf: root redirects to /es/, /api/ proxied to backend - zonemaster-gui/config.ts: defaultLanguage set to 'es' (Spanish) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 08:19:24 +02:00
# NAMESERVER02: Test of EDNS0 support
## Test case identifier
**NAMESERVER02**
## Objective
EDNS(0) is a mechanism to announce capabilities of a DNS implementation,
and is now basically required by any new functionality in DNS such as
DNSSEC. EDNS(0) is standardized in [RFC 6891].
This test case checks that all name servers has the capability to do
EDNS(0) or if not, correctly replies to queries containing EDNS
(OPT record).
Servers not supporting EDNS(0) must return FORMERR
([RFC 6891, section 7]):
> Responders that choose not to implement the protocol extensions
> defined in this document MUST respond with a return code (RCODE) of
> FORMERR to messages containing an OPT record in the additional
> section and MUST NOT include an OPT record in the response.
Servers supporting EDNS(0) must reply with EDNS(0)
([RFC 6891, section 6.1.1]):
> If an OPT record is present in a received request, compliant
> responders MUST include an OPT record in their respective responses.
To eliminating the risk of falsely classifying the server as not supporting
EDNS due e.g. firewall issues, the UDP buffer size is set to 512 bytes
(octets).
## Scope
It is assumed that *Child Zone* is also tested by [Connectivity01]. This test
case will set DEBUG level on messages for non-responsive name servers.
## Inputs
* "Child Zone" - The domain name to be tested.
## Ordered description of steps to be taken to execute the test case
1. Created an SOA query for the *Child Zone* with an OPT record with
EDNS version set to "0" and with EDNS(0) option of payload size ("bufsize")
set to 512 and "DO" bit unset.
2. Create a second SOA query for the *Child Zone* without any OPT record.
3. Obtain the set of name server IP addresses using [Method4] and [Method5]
("Name Server IP").
4. For each name server in *Name Server IP* do:
1. Send the SOA query **with** OPT record to the name server and collect
the response.
2. If there is no DNS response, then:
1. Send the SOA query **without** OPT record to the name server and
collect the response.
2. If there is no DNS response, then output *[NO_RESPONSE]* and
go to next server.
3. Else (there is a DNS response), then output
*[BREAKS_ON_EDNS]* and go to next server.
3. Else, if the DNS response meet the following two criteria,
then output *[NO_EDNS_SUPPORT]*:
1. It has the RCODE "FORMERR"
2. It has no OPT record.
4. Else, if the DNS response meet the following criteria (compliant
server), then go to the next name server:
1. It has the RCODE "NOERROR".
2. The answer section contains the SOA record for *Child Zone*.
3. It has OPT record with EDNS version 0.
5. Else, if the DNS response meet the following criteria,
then output *[EDNS_RESPONSE_WITHOUT_EDNS]* and go to next server.
1. It has the RCODE "NOERROR".
2. It has no OPT record.
6. Else, if the DNS response meet the following criteria,
then output *[EDNS_VERSION_ERROR]* and go to next server.
1. It has the RCODE "NOERROR".
2. It has OPT record with EDNS version other than 0.
7. Else output *[NS_ERROR]* (i.e. other erroneous or unexpected
response).
## Outcome(s)
The outcome of this Test Case is "fail" if there is at least one message
with the severity level *ERROR* or *CRITICAL*.
The outcome of this Test Case is "warning" if there is at least one message
with the severity level *WARNING*, but no message with severity level
*ERROR* or *CRITICAL*.
The outcome of this Test case is "pass" in all other cases.
Message | Default severity level (when message is outputted)
:---------------------------------|:-----------------------------------
NO_RESPONSE | DEBUG
NO_EDNS_SUPPORT | WARNING
BREAKS_ON_EDNS | ERROR
EDNS_RESPONSE_WITHOUT_EDNS | ERROR
EDNS_VERSION_ERROR | ERROR
NS_ERROR | WARNING
## Special procedural requirements
If either IPv4 or IPv6 transport is disabled, ignore the evaluation of the
result of any test using this transport protocol and log a message reporting
the ignored result.
## Intercase dependencies
None
[Connectivity01]: ../Connectivity-TP/connectivity01.md
[BREAKS_ON_EDNS]: #outcomes
[EDNS_RESPONSE_WITHOUT_EDNS]: #outcomes
[EDNS_VERSION_ERROR]: #outcomes
[Method4]: ../Methods.md#method-4-obtain-glue-address-records-from-parent
[Method5]: ../Methods.md#method-5-obtain-the-name-server-address-records-from-child
[NO_EDNS_SUPPORT]: #outcomes
[NO_RESPONSE]: #outcomes
[NS_ERROR]: #outcomes
[RFC 6891, section 6.1.1]: https://datatracker.ietf.org/doc/html/rfc6891#section-6.1.1
[RFC 6891, section 7]: https://datatracker.ietf.org/doc/html/rfc6891#section-7
[RFC 6891]: https://datatracker.ietf.org/doc/html/rfc6891
Reference in New Issue Copy Permalink